THE
GAMES Scavenger
Hunt The
enormous participation in, and enthusiastic (not to mention
creative) following of last year's scavenger hunt made it
clear what we must do this year: cooler prizes and stupider
items. Last year the list consisted mostly of
impossible-to-attain items like David Bowie and a bad Tool
song. This year we take it one step further with intangible,
metaphysical concepts: God, luck, lobster. Good luck finding
my homuculus. The
rules are simple: the scavenger hunt continues through the
entire weekend, or until most of the players get arrested.
Run frantically through the hotel, airport, and surrounding
communities stealing items on the attached list. Point
values are intended to reflect the item's difficulty and/or
inherent significance. Winners will be decided by total
points and by how much creative cheating and/or conniving
was used. Teams and groups are encouraged, although those
lucky enough to be listed as a scavenger hunt item may not
participate. Sorry, but them's the breaks. Prizes
will be awarded to the winning individual or team during
closing ceremonies on Sunday. Last year we gave away a big
box of Evil's porn. This year we found something even more
tasteless and embarrassing. Eligibility of individual items
is subject to our judges wrath. Please don't get caught
breaking any laws, and if you do, don't mention Rubi
Con. The
official list will be released at the con. This contest will
be ongoing throughout the weekend, and will end just before
closing
ceremonies on Sunday. Jeopardy Shamelessly
plagiarized from a certain unnamed Las Vegas hacker con, but
with less alcohol. Three teams of three contestants will
compete against each other as our Quiz Master asks
bizarre questions about Stalin-era Soviet doctrine and
obscure mathematical concepts. Right answers are worth a
certain amount of points. Wrong answers are worth public
ridicule. At the end of it all, the team with the most
points wins fabulous prizes. Questions
were written by 'con organizers and reflect their own petty
idiosyncrasies and casual understanding of art, history,
science and culture. Beware the Latin questions! Because
none of our answers have been checked for accuracy, you may
help yourself by answering not with what you think is
correct, but with what you think the question writers think
is correct. As a matter of practice, only those answers
predetermined by the organizers will be accepted. Judges
will decide special cases. We
begin Saturday
evening at 21:00 hours.
There will be three separate bouts of one round each. None
of that double jeopardy nonsense. You are encouraged to sign
up in advance, but any team vacancies will be made up from
the audience. Helpful hits for participants: brush up on
your Jung knowledge and Bjork, Portishead, and Cibo Matto
trivia. Spot
the Ron Con
co-founder Ron Ulko is wondering about the building. If you
think you spot him, point your finger accusingly and shout
for all to hear, "Ron, Ron! That guy's Ron!" Alert an
organizer and begin the deductive process. Often, Ron will
admit to being who he is after little cajoling. If it can be
verified that you did spot Ron, he confesses or some other
evidence is available, you will get a swanky "I spotted
Ron" t-shirt and be the envy of your peers forever. Ron
will get an "I am Ron" t-shirt to wear around the
assembly plant or to use while getting into automobile
accidents. Capture
the Flag The
goal: Own boxes. Defend boxes. The Red Team of hackers
throws everything it has against the Blue Team of defenders,
and everyone struggles for the adoration of their peers. You
pick a side, attackers or defenders, Red or Blue, and fight
for glory and honor. This is considered a team event, but
most players are expected to be solo. In other words: you
have a "side" to fight for, but broad strategies or
maneuvers across the entire team will be considered
unnecessarily complex and are unadvised. We
will put up a handful of "Blue" boxes to be hacked, and all
sysadmins in attendance are invited to join us by adding
their own servers to the mix. Come and show off your elite
security kung fu, and show that damn Red Team what it's all
about. The Blue Team has it's own IP range, so you must sign
up to play. Red
Team members must sign up to get in the Red IP. Torment the
Blue Team with you elite hax0ring, and impress the ladies by
taking down boxes with a k-leet mouse-behind-the-back trick
shot. 1)
To participate, your box must be running a "useful"
service of some kind (smtp, pop, http, ftp, sniffing,
etc.). People must be able to use said service and/or get
an account upon asking the admin. This only applies to
the Blue Team. 2)
You must provide some kind of evidence to the Korps
that you did indeed own a box. 3)
Firewalls (dumb or otherwise) in front of your box
are acceptable. However, you will automatically lose one
point if you put one up. 4)
Korps must be able to inspect your box (and, if
warranted, be provided supervised root access) to see if
it has been owned. You may be woken up OR asked to
desist. 5)
You can't take your own box down for more than 5
minutes. If you do, you will not qualify for the 2 points
in that 12 hour period. 6)
Blatantly shameless and stupid attacks on a box (that
work) do not count. This includes hacking from the
console or firing powerful EMP weapons at the
machine. 7)
If you wish to participate, contact a network
administrator. You will be given an IP address within a
range set aside specially for the two teams. Hacking a
computer outside that range is considered malicious, is
worth 0 points, and may get you a smack upside the
head. 8)
Participation gives explicit consent to full
monitoring and logging. Likewise, network logs will be
released at the end of the conference. 9)
Participation gives explicit consent to unauthorized
entry and manipulation/destruction of data on your
machine. Be prepared to completely wipe and reinstall the
box afterwards, and don't, for God's sake, leave anything
important on it. 10)
Blue Team members will automatically start out with 2
points if they are running a Microsoft OS or a Microsoft
product as an integral part of the system. 11)
The Blue Team may patch their box while the game is
in progress. However, all modifications must adhere to
rule 5. Blue
Team: Red
Team:
.
Rubi
Con 2000
The
rulez:
2 points: every 12 hours that box remains
secure
-1 point: website defaced
-1 point: denial of service attack succeeds,
unauthorized use of resources (ex: mail relay), hacker
creates new user account, hacker is able to save a file
on the server
-2 points: hacker gets elevated access
(non-root)
-2 points: server is spoofed or redirected
-4 points: hacker gains
root/administrator/supervisor access and the admin knows
how
-5 points: hacker gains
root/administrator/supervisor access and the admin does
not know how
5 points: root access on non-MS box
4 points: administrator access on MS box
2 points: spoof or redirect server
2 points: elevated access (non-root)
1 point: save file on server, unauthorized use of
resources (ex: mail relay), create new user account,
deface website
-2 points: denial of service attack that does not
ultimately result in elevated access (as FBI agents may
be standing over your shoulder, you are discouraged from
attempting DoS attacks)